In Long Term Evolution (LTE) the layer 3 communication between the eNodeB (eNB) and Mobile Equipment (ME) is described by the Radio Resource Control (RRC) protocol, as described by 3rd Generation Partnership Project (3GPP) Technical Specification (TS) 36.331, version 9.2.0.
If the ME experience problems such as e.g. radio link failure or failure when performing a handover, the ME may trigger the RRC Connection Re-establishment procedure in order to re-establish the RRC connection. The re-establishment procedure involves resumption of Signal Radio Bearer (SRB) 1 operation and re-activation of Access Stratum (AS) security.
Upon initiating this procedure, the ME selects which cell to perform the re-establishment to. For example, if the ME is connected to a first cell before initiating the RRC Connection Re-establishment procedure, the ME may choose to re-establish to a second cell or a third cell if radio conditions in the second and third cells are better than in the first cell. The second and third cells may belong to another eNodeB. When the ME has selected a cell, the ME will transmit the RRC Connection Re-establishment Request message to that cell.
In order for the RRC Connection Re-establishment to be successful, the cell which the ME triggers re-establishment to is from now on referred to as the “target” cell must have a valid context for the specific ME and hence be prepared for the re-establishment before the ME triggers the procedure.
When the target cell receives the RRC Connection Re-establishment Request message from a ME, the target cell must identify the context for this ME and then also verify that the ME sending the RRC Connection Re-establishment Request message is indeed the ME which is authorized to use this particular context. The identification and verification is made using the supplied information in the RRC Connection Re-establishment Request message. This information comprises:                Physical Cell Identity (PCI) of the cell which the ME was connected to prior to initiating the RRC Connection Re-establishment procedure. This cell is from now on referred to as the “source” cell.        Cell Radio Network Temporary Identifier (C-RNTI) which the ME had in the source cell, and        shortMAC-for data Integrity (shortMAC-I) which is the 16 least significant bits of the MAC-I (Message Authentication Code) calculated using the KRRCint key and the integrity protection algorithm in the source cell. When the ME calculates the shortMAC-I, the following input variables are used:                    C-RNTI allocated to the ME in the source cell,            PCI of the source cell and            Cell Identity of the target cell.                        
The PCI and C-RNTI together are not sufficient to uniquely identify and verify a ME since it is possible that two MEs located in separate neighboring cells have the same PCI and are also allocated the same C-RNTI. In the case the neighboring cells are placed on different frequencies, said cells are likely to have the same PCI due to re-use of cell-planning In addition, the C-RNTI is just a 16-bit field which can be assigned from a monotonically increasing counter. If the counters used in two cells are close to each other, there will be collisions in the C-RNTIs rather often. Therefore the shortMAC-I is needed to provide a unique identity for the ME.
In normal operation of authenticated calls, the integrity protection algorithm used for calculating the shortMAC-I is either the EPS Integrity Algorithm (EIA) 1, EIA 2 or EIA 3, which MAC algorithm provides a ME-unique shortMAC-I to be used by target cell for identification and verification, as outlined in 3GPP TS 33.401, version 9.3.1.
However, in the case of an ME performing unauthenticated calls, the Null Integrity algorithm, EIA0 is used for integrity protection. Whether unauthenticated calls at all are allowed or not, depend on the regulations in the country where the call is taking place. When EIA0 is used for integrity protection it will also be used to calculate the shortMAC-I. The EIA0 algorithm produces a MAC which consists of only zeros, independent of input parameters. The shortMAC-I will also be a MAC containing only zeroes. Considering two unauthenticated MEs, ME 1 and ME 2, doing unauthenticated calls and having the same C-RNTI allocated in neighboring cells with same PCI, the current solution to use PCI, C-RNTI and shortMAC-I will not provide a ME-unique identity to be used when target cell shall identify and verify the ME during RRC Connection Re-establishment. Depending on eNB vendor implementation, an ongoing unauthenticated call involving ME 1 in cell 1 might therefore be interrupted by another ME, e.g. ME 2 in cell 2 also doing an unauthenticated call, trying to do an RRC Connection Re-establishment to cell 1.
This can occur in case there is a problem authenticating the MEs for instance due to that the Universal Mobile Telecommunication System (UMTS) Subscriber Identity Module (USIM) is absent, the serving network cannot obtain authentication vectors due to a network failure, because the USIM is in limited service mode in the serving network, due to that there is no roaming agreement or the Individual Mobile Subscriber Identity (IMSI) is being barred, or due to that authentication is possible the serving network cannot successfully authenticate the USIM.
In addition, in case of an accident it is quite likely that several MEs make emergency calls, which may be unauthenticated calls, simultaneously and that they all have similar radio conditions since they are located in nearby positions.
The alternative to allowing these collisions to occur is to not support the RRC Connection Re-establishment procedure when the EIA0 algorithm is used. This would however not provide the same possibility to maintain the RRC connection for MEs that are authenticated as for those who are unauthenticated. Typically one would also want to keep emergency calls alive to as far an extent as possible due to their inherent urgency.